Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Mathiasdm writes "The Invisible Internet Project, also known as I2P, has seen its 0.7.2 release (download). I2P uses multiple encryption layers, and routing through several other computers to hide both sender and receiver of messages. On top of the network, regular services such as mail, browsing, file sharing and chatting are supported.
This release (and all of the releases since 0.7) is at the start of a new development period, in which the I2P developers wish to spread the word about the secure network. This new release includes performance improvements, a first edition of an experimental new desktop interface and security improvements (by limiting the number of tunnels a single peer can participate in)."

I don't know IIP, but I2p has a darknet, like freenet, but also allows routing to the internet like tor. It's just as slow as any of the other onion routers, but combines good bits from freenet and tor.

I2P creates an entire seperate (though visible) network that allows tcp transport where it is impossible to connect an I2P address to an IP address. It is easy to tell who is using I2P but not what they're doing on the network. I2P also (or at least used to) includes a proxy out to the full internet. I2P is usable but often times fairly slow (mostly because alot of sites are hosted on people's cable/dsl systems).

Invisible IRC only works for IRC, and nothing else.

Tor is more of an anonymizing proxy than an entire seperate network. It's anonymity isn't quite as good as I2P, but in general, you'll get much better transfer rates to the regular internet through tor than I2P.

Freenet is another approach to anonymous network, but is implemented closer to a searchable, distributed, highly redundant, encrypted filesystem. It is anonymous, but only really allows publishing and reading of content, and it is pretty much impossible to have real time (or even close) communication with it.

Comparing I2P, Tor, and Gnunet/Freenet (so not exactly what you're asking), in order of most to least specialized:

Gnunet and Freenet are high-latency networks set up to share files redundantly and anonymously.

Tor is a low-latency network, which works by creating encrypted tunnels through a series of servers to proxy your internet connection anonymously. Also, there exist "hidden servers" on Tor which can only be accessed from the Tor network. They allow servers to be anonymous too. Tor can't run BitTorrent efficiently, as all connections are proxied to the normal internet, don't allow incoming connections from the normal internet, and using Tor's circuit-switched network for the many connections needed to file-share is horribly inefficient. Tor is really built for the client/server model of traditional internet browsing/hosting.

I2P is a more generic low-latency anonymous network. Its nodes can talk to each other anonymously, and it allows other specialized applications to run over it. There is a set of applications for it to make it function similar to Tor and proxy your internet. BitTorrent can also be run on it efficiently to share between I2P users.

Closer comparisons between I2P and Tor:Tor builds circuits between servers which hold whole connections. I2P packet-switches allowing each packet to find an efficient path (its own circuit in Tor-speak). So I'd guess that I2P would be quicker than Tor in many cases, by utilizing more paths efficiently.

Personally, I'm more confident in Tor's anonymity and network, and would use where anonymity was the #1 priority. Tor is tried-and-true, was originally researched by the US Navy, and has ties with the EFF, while I2P is "still a work in progress, and should only be used for testing or development purposes prior to the 1.0 release".

There is a bit of precedent in the technology world for this (IMO, annoying) kind of acronym construction: W3C (World Wide Web Consortium), I2C (Inter-Integrated Circuit), L2CAP (Logical Link Control and Adaptation Protocol), to name a few from memory.

When last I used it seemed that I2P has a whole network of ".i2p" domain things that you could only access if you were a part of the I2P network.Tor is just a proxying service is it not?I think it's something like if Tor was a private network that only Tor users could access.

Both TOR and I2P have hidden networks only accessible if you are using the client. Interestingly, they both also have Freenet 0.5 gateways.When it looked like Freenet 0.5 was going to die (which it's not, people are going back to it from 0.7 in droves), I did quite a bit of testing on both TOR & I2P; I2P is MUCH more anonymous than TOR, in default configuration.

This is far from the first P2P to attempt hiding IP etc. I have not used this system, but all the others that have done (and do) the same thing end up with the same problem -- the system ends up being painfully slow to use.

The question should be how slow is it compared to the speed experienced after the ISP shuts you off (or the authorities confiscate computing equipment) due to an accusation of illegal activity by the *IAA. The performance hit may seem painfully slow until compared to the slowness of 0 bps. In fact, such a system IMHO should have an easy to use toggle (desktop widget, browser plugin) so that "normal browsing" goes through the usual channels and only the limited periods of "private browsing" are experienced with full protection on. Blend in with the crowd by default and leave the security for when you really need it.

The question should be how slow is it compared to the speed experienced after the ISP shuts you off (or the authorities confiscate computing equipment) due to an accusation of illegal activity by the *IAA. The performance hit may seem painfully slow until compared to the slowness of 0 bps. In fact, such a system IMHO should have an easy to use toggle (desktop widget, browser plugin) so that "normal browsing" goes through the usual channels and only the limited periods of "private browsing" are experienced with full protection on. Blend in with the crowd by default and leave the security for when you really need it.

How about anonymous by using an open wireless network? Or use the coffee shop wireless network down the street? Or go to a library? There are many better options for being anonymous if you choose...

Indeed. All viable options. Until you want to connect to a personal service (email, webserver, bank, TPB etc.) on an open and untrusted network. Then your anonymity can be compromised by any enterprising kiddie monitoring the network. It's not about being anonymous via connecting from a network other than the home account, it's about being anonymous by going into stealth-mode so it's hard to determine who you are and what you are up to regardless of where you are connecting from.

Provided you only do it once (or a couple times), or never use the same network twice for the same activity.

1. Use anonymous network for "illegal" activities2. Get spotted in XYZ location on ZYX network3. "They" show up, find nothing suspicious by then4. They sit there and watch the network5. You show up again, they see your (same) network activity, do a triangulation or whatever6. ???7. Loss of profit.

Do better than that. Leech off of others wifi, or use public free wifi to do "high risk downloading".

Frankly, nobody cares about crap group or god_awful_teevee show. It's the Wolverines, Cams and leaks the biggies care about. If you rapidshare a book once in a while, or download unlicensed anime/foreign tv shows, nobody cares. It's when you hit the dangerous stuff, or are blatantly peaking usage caps (if you ARE the top user in the city, or near it).

Using free public WiFi to do "high risk downloading," unless the person so doing is savvy enough to change his/her MAC address, leaves the MAC address in the provider's logs. So when the Secret Service/FBI/MAFIAA come knocking, there's an identifier traceable to the particular machine used to conduct said download, unless the person happened to pay cash for his/her laptop while providing no personal information, and (depending on how "high risk" we're talking about here) wore clothing obscuring the face whi

Even better, don't only encrypt things you want encrypted. Add encrypted true random data to any mails you send, to web pages, etc. As the encrypted random data will be largely indistinguishable from actual content but impossible to decrypt it'll clog any listeners decryption capabilities, forcing them to either white list you or be stuck with a huge pile of largely undecipherable junk which may or may not contain something they might want to attempt to decrypt.

The desire of our dear leaders to expand surveillance to everyone everywhere and take the authoritarian road is, perhaps, unstoppable, but fortunately it also creates a huge funnel collecting sand for the machinery.

I agree that everything should just be encrypted by default, but I'm not sure that encrypted traffic looks suspicious any more.

Thanks to protocol encryption in BitTorrent, widespread use of VPN connections and SSL encrypted packets are hardly rare these days. In fact, I remember there was a story a few years ago when BitTorrent protocol encryption first came in, where MI5 and other spying agencies were complaining that it made their jobs a lot harder.

It has been some years since I last submitted or received an unencrypted e-mail. Unfortunately only the part to my provider or my own server are encrypted (IMAPS/SSMTP), but hey, It certainly adds to the noise.:)

Speed
Cost
Privacy
Pick two.
Currently privacy requires a bandwidth overheads to hide the traffic. You can pay companies for private VPN's in other countries that won't give you up, and avoid some speed hits. For most of us though we're stuck with masking our traffic on the cheap end.

Any attempt at obfuscation will draw the attention of interested parties. A change from "normal" to "private" will be noticeable. Blending in means acting normal, not suddenly pulling a ski mask over your face when you're about to pull a heist.

When contemplating this, it is important to realize that participating in projects like I2P and (especially) TOR increases the chances of being cut of from the Internet or worse. After all, your IP address will be involved in criminal activities, and you will have no way to pass the buck to those who are really behind said activities.

Toggle is easy. Just use two different browsers. Maybe your favorite browser is Firefox, and your second favorite is Chrome. Configure Firefox to use normal ports, configure Chrome to use the ports provided by the anonymity service. You can do normal browsing, and carry on anonymous business SIMULTANEOUSLY!!

Slow? Yeah. But, I'm willing to spend the time waiting for pages to load, to read the sekrit stuff people have to say about life under this or that repressive regime.

Maybe it is slow, but currently that is the price for anonymity. If you don't think waiting a few seconds here and there is worth it for being anonymous then don't use services like this. There are plenty of people who think anonymity is worth a lot more than that. If you only want to be anonymous if its convenient and without negative side effects then you are probably not one of the ones who need to be anonymous.

If you only want to be anonymous if its convenient and without negative side effects then you are probably not one of the ones who need to be anonymous.

Having more anonymous people increases the anonymity of everyone. The reason being that if you can identify non-anonymous people, you who is a member of the "anonymous" sub-demographic by the simple principle of exclusion. Details about timing of certain data requests may even narrow it down to a specific individual. The more anonymous data that traffics the internet, the more difficult it is to isolate any of it in particular.

It is also important to have widespread anonymity because this is the only w

"Shit, the people of our country might be able to share free and uncensored speech and information among themselves.

Wait, I know how to fix this! Headlines! "OMG Secret Pedophile and Terrorist Network" - anyone who wants to be anonymous on the internet/must/ be a pedohile or a terrorist. If you have no pedophilia or terrorism plots to hide, you have nothing to hide!"

With data retention becoming reality in Europe, it's only a small step until employers become interested in the data. Why did my employees gather information about certain diseases? Why are they looking at job pages? Why are they looking at my competitor's page or even exchange information with him?

None of these sorts of things, AFAICT, let you monitor what's going through your node. And that's important to me. Whilst I support free speech and the rights of people to communicate without government interference, I'm damned if my resources are going to be used to propagate child pr0n.

None of these sorts of things, AFAICT, let you monitor what's going through your node.

Of course NOT. That defeats the whole purpose of these communication methods in the first place.

1) Anonymous. As far as the destination network/server/device is concerned your identity was obfuscated and protected by a system of uncertainty. Since all participants in the anonymous network are routing traffic for each other, it is impossible to tell for certain if the traffic originated from the operator of the exit node

"It is a "your with us" or "your against us" answer here. You CANNOT EVER apply your content filtering to data flowing through your node. It violates the very principles by which these networks were created."

Which is why I don't feel I can participate.

There *is* a middle ground in which to operate. It is possible to create a network in which you only connect to known third parties and (unless others have added extra encryption) see what's going across your node without knowing where it originated or what it

So don't use the network.I would never, ever condone the creation or propagation of CP, but one downside of such an anonymous network is that it can be abused like this.

If it wasn't so difficult (potentially life-altering) to report abuses to the authorities, I don't think we'd have many of the issues we have now. Part of my job is to monitor internet usage, and as such I have to expect that I could be exposed to something truly horrific, but I'm also protected from prosecution by having tha

I'm damned if my resources are going to be used to propagate child pr0n.

You do realise that your taxes are being used to build and maintain roads? How do you think these people manage to get children, rapists and recording equipment together in the same location? At some point a car is very very likely to be involved.

So what you're saying is that the people who do road works are taking an active role in child pornography because they helped build the roads? Or that Al Gore is responsible for the child pornography being spread via the internet? He had an active role in having the thing built (by varying degrees of 'built').

Just because something can be abused for bad things, doesn't mean everyone involved in its creation are responsible for those bad things.

"Just because something can be abused for bad things, doesn't mean everyone involved in its creation are responsible for those bad things."

Hi, sorry if I gave the impression that I think either the product or the developers are in and of themselves evil. I think it's fantastic that this tech exists from a freedom point of view and from a crypto-geek point of view. I support people's rights to create and use software such as this, if they want to.

Regardless that it is anonymous, in the end I am the one responsible for what my node does.

What we really need to move towards is a disconnected Mesh network, where I am not providing Internet Access. My AP connects up with X other AP's in the area and we create a mesh. That's the network. Starts out small, like the Internet did. Eventually everyone ends up on the mesh network, too. I can access CNN because it's got a mesh address. My traffic flows from my AP through perhaps hundreds others to get t

So to discourage the development of NSA-proof networks the Obama administration should announce that the RIAA and MPAA have been told that they will no longer be able to sue free P2P sites and users? Or that the definition of "fair use" has been redefined into something more agreeable?

This is a real problem if you think about it. My experience with TOR.onion, or I should say what my friend has told me about TOR, is that there's a lot of child porn. Freenet is a lot better in that regard (significantly less child porn), but I don't know anything about I2P.

I am not surprised. The person interested in child pron is perfectly aware that their desires are not accepted by society and will result in being ostracized by the other members of society and imprisonment by the authorities. As a r

I designed one of these about a decade ago and did some prototyping. Since I don't seem to have the time to realize it, here are a few extra features that could be added (if i2p does not already include these).

Encrypted-file-fragmenting, auto-globally-migrating, auto-redundant replicating "virtual" data store layer. Stored files automatically seek to be replicated enough times to be guaranteed perpetually persistent, and also seek to move to newer and better physical storage sites, and to globally distribute themselves, and auto-cache near user when needed.

With this addition, we may have the basis for, for example, a Facebook-like on-line identity avatar which is not owned by a single company like Facebook but just floats around all over the P2P network, and is truly owned by the person who it is about.

With that freeing up of the online identity from external control, we could extend it to include important identity information needed for the citizen to function in society. Medical records, different identity numbers for different government agencies, your real-world address, etc. All of these properties about you could be placed online by you following standard protocols and placed only onto a secure virtual site in the i2. Permission model would of course be default no permission, opened incrementally to authorized and authenticated other parties.

If we had this, the onus could now be placed on governments, medical systems, post offices, etc. to come to your avatar and request permission to know your address, or your medical number etc. No more change of address rigamerole. No more problems in your paperwork or medical history maintenance because you happen to move to another state or country.etc.

It all relies on the open standards for the info and privacy protocols, and on the confidence of the person to put their info into a secure, encrypted, and non-owned virtual internet location.

He called it either a Mediator or a Cypherclerk. Its job was to authenticate, verify, encrypt, decrypt, submit to the network, retrieve from the network, and other general security functions based upon a civilization of sentient software. Although Egan leaves much to be desired about the details, he seems to indicate that it is also semi-sentient, as it learns. Nothing can be "run" on it, as we can do with our computers these days.

Most of the names in Eureka Seven were mash-ups of famous musical artists or scientists, so I assumed that when they used Greg Egan it was another mashup. Apparently the real Greg Egan had some input into the storyline of the anime when it came to theories of the end of the world.

And while I'm not a lunatic when it comes to watching anime, currently there are quite a few shows that have higher quality storylines and characters than the normal slop they throw on TV in the US. The mainstream stuff is usually

I should have added this before, but this is how I look at an anime: If you believe that the voice actor's voice fits the character good enough to make them a believeable character, then there's no difference between this person and a real actor. After that, its how much of the story and overall plot you enjoy, much like going to the movies to see one of your favorite actors.

You could also compare it to shopping for a netbook. While almost all of them have identical features, the one thing that is completel

I designed one of these about a decade ago and did some prototyping. Since I don't seem to have the time to realize it, here are a few extra features that could be added (if i2p does not already include these).

Here's a tip for anybody thinking of implementing something like i2p, tor, freenet, etc: if the user has to do anything and if it impacts performance it's not worth doing.

What's needed is something simple and pervasive:

1) compatible with regular TCP2) optional so it is only in effect when both the source and destination support it3) 'weak' so that there is not much performance impact, so there is no reason to disable it

For sake of example, half of an xtea [wikipedia.org] key can be sent by the SYN using the TCP options fie

Seriously though, those are some AWESOME ideas. However, I think the idea that the government would not be granted automatically "full" permissions on the data, and they would have no ability to identify the people using it, or basically have any level of control over it.... would be extremely undesirable. That is, of course, an understatement.

I could just be cynical and paranoid (truthfully it is not could) but your ideas will probably never see the light o

Okay, you want a faster network that doesn't have multiple layers, encryption, etc.? Fine -- use the NSA, CIA, FBI, DHS, ABC, NBC, LMNOP supported and approved network. Sorry to break it to you guys, but a global, multinational, digital, and public communications network is going to have interests on it you aren't going to like or want to see what you're sending. This is true no matter who you are. That's the nature of a PUBLIC communications network. Suck it up. Our governments inability to protect our rig

I2P only encrypts and anonymises the transport. It's up to you to host the services on your machine. I2P just means people can use those services (e.g. a webserver) without knowing who is hosting them, and without you knowing who is accessing them. IF you go off-line, your service goes offline too.

Freenet, on the other hand, does have an encrypted and distributed data storage layer. You can go off-line and your website will remain available.

I see NAT as a very workable solution and definitely donot see any major downsides to it at all. I donot want more than one machine addressable directly. I know that with IPv6 everything that NAT can do is possible with IPv6 as well. I just donot see NAT as being such a bad solution that it can be used as an argument to push for IPv6.

In the end, it will still be the same -- even if all my machines did have their own IP addresses, I'd be damned stupid to not set up one as a firewall/proxy for all the othe

Within I2P, there is no need for HTTPS, as all traffic is encrypted end-to-end.

Sorry, I had to laugh a bit there. That's VERY naive. In anonymizing networks, HTTPS is the only thing that protects you from possibly corrupt exit nodes by encrypting the traffic between your browser and the destination webserver. To claim I2P doesn't need HTTPS support is misleading or at least ill-phrased.

This is I2P, not Tor. There are no exit nodes. The destination server is inside the I2P network. As stated in your own quote, the encryption truly is end-to-end, and HTTPS would consequently be redundant.

It wouldn't even help for authentication, since these sites don't exist on the public Internet (they use a private.i2p TLD), and no certification authorities exist for such domains. What benefit you could get from a self-signed key is inherent in the I2P network itself, as endpoints are identified by their

So far as I2P itself is concerned, there are no exit nodes. Everything you can contact via the I2P protocol is internal to I2P (similar to Tor's.onion domains). Contrary to Tor, the I2P client software does not provide any outproxy service, by default or otherwise. Some people choose to run ordinary proxy servers which accept connections from I2P hosts and forward them to the public Internet. There are a very small number of these at the moment; I only know of one (false.i2p). They could just as easily pro

act as a proxy that makes connections to public webservers on your behalf and routes your data through the anonymizing network

And, no, the second "mode" is not meaningless or unnecessary. In fact, it's the primary usage for this stuff. And as such, HTTPS support is pretty important for all the reasons I laid out in the other comments.

In fact, proxying out to the vanilla Internet may be your primary usage for "this stuff", but that doesn't mean it is considered the primary usage by the devs, or the rest of us who use it.

So that's what's left of your argument? In the light of your wrongness on technical grounds you are now essentially saying that my original concern doesn't matter anyway because "who would ever want to contact public servers"?

*sigh* OK, I admit I'm talking about "normal" users here. If the original intent was to just crea

They didn't build exit node functionality into I2P; the outproxies (actually, the one outproxy currently active, false.i2p) are ordinary servers which you can access via the I2P network, the same as any internal webserver or e-mail host. If anyone wanted to run an HTTPS outproxy they could set one up; the I2P network supports that already without modification.

For those who primarily want to access sites on the public Internet, the I2P developers explicitly recommend Tor over I2P.

Methinks you are a bit confused, unfortunately. As sibling posters have said, I2P has no exit nodes as Tor does.

It's not me who's confused, and sometimes it doesn't matter how many people keep insisting on wrong things, they are still wrong. Reality is not democratic.

As sibling posters have said, I2P has no exit nodes as Tor does.

Yes, it does. Do me a favor. Install I2P, change the proxy settings of your browser to localhost:4444 or whatever is configured after you start the service. You'll notice that you can, via randomly chosen exit nodes, access any HTTP URL. Now do a remote host lookup to confirm where your exit node is. This will be the moment you realize that you're wrong.

HTTPS/SSL also fails with Tor's exit nodes

No, it does not. In fact, the text you quoted proves you wrong right here: "any exit node is in a position to capture any traffic passing through it which does not use end-to-end encryption, e.g. SSL."

See, Tor can (and does) route SSL traffic transparently between your target webserver and your browser. There is no technical reason I2P cannot do the same and I'm guessing that they simply haven't gotten around to coding that feature yet.

I've been using I2P on-and-off for quite a while, and it is way faster than 2Kbps. BitTorrent over I2P can reach speeds of 50KBps and it could probably go faster if there was a mature BitTorrent client for I2P. Latency is low as well. Overall, I2P is much more usable than TOR.

"Now try to actually find some torrent" and "critical mass' of users."

Getting it to a critical mass of users is going to be a very important goal, but ironically I think help will come from companies like Phorm. As a lot of people are going to want to seek ways to avoid being so mercilessly exploited by companies like Phorm. Its ironically a very good rallying cry to effectively market I2P as a means to avoid Phorm. (I2P isn't perfect (yet) at avoiding Phorm, but its a lot better than not having it).

Unlike with Tor, each user is a router (especially true for high-bandwidth users). Obviously people are not a router to the regular net (as that could get people in trouble), but all users route data through the I2P network itself.
In other words, if you want high-bandwidth bittorrenting, it helps a lot to contribute bandwidth yourself (makes you well-integrated). This keeps leechers to a slightly lower level.
Secondly, as torrents consume a lot of bandwidth, they also provide cover traffic for other peop